Programme @ GOVSEC

Jessica Figueras, Founder, Hither Strategy

Stuart Frost BEM, Head of Enterprise Security & Risk Management, DWP

A look at why a risk driven approach to security is so challenging in today’s delivery-focused environment:

• Is the problem the IT or is it people?
• Is it compliance or continuous improvement?
• How do we gain assurance?
• How do we work together to deliver safely and securely?

Tendayi Moyo, Regional Account Manager for Public Sector, Trend Micro

The unprecedented events of the last two years have propelled government digital transformation, paving the way for challenges – and opportunities. Whilst it has helped to support remote workers and drive business efficiencies, the rise in home schooling and work has increased the number of threat vectors. Trend Micro detected over 94 billion cyber-threats in 2021, up 42% on the previous year. Threat actors are seeking out visibility and control gaps with ease, and monetising attacks in ever more destructive ways.

This session will cover the need for a unified approach in maintaining visibility in such times of uncertainty whilst managing information siloes, the skills gap and siloed teams, new ways of working, and a drastically changing threat landscape:

• How increasingly complex environments are creating even broader attack surfaces
• The challenges in assessing, managing, communicating risk – and ultimately mitigating it
• Consolidating and enhancing protection for customers from the endpoint to the cloud, and beyond

Adrian Warman, Head of Security Policy, Awareness, Culture and Education (SPACE), Ministry of Justice 

Security policy is critically important to any enterprise. But how do we find the balance point between the conflicting demands of correctness, complexity, completeness and comprehension? The more detail we provide, the greater the chance of loopholes, or inconsistencies.

In this talk, I introduce the MoJ Security Policy, Awareness, Culture, and Education (SPACE) team, and explain how an information architecture supports a rich and consistent delivery model, focusing on better-than-good-enough security outcomes.

In particular, we cover:

• A gold-standard information creation and delivery pipeline
• Escaping from ‘the ivory tower’ with the help of non-practitioners
• Measuring messages

Paul Squires, Lead Identity Strategist, SailPoint

Integrating identity and security technologies to address a specific requirement is just one piece of the modern cybersecurity puzzle. Broader initiatives, like Zero Trust and Insider Threat, also require an identity-centric approach to ensure security and an optimal user experience.

The identity-centric security approach provides real time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cyber security technologies. Identity has finally transitioned from operational and user experience driven, to being recognised as the core of security.

During this session we will discuss:

– The framework and practical guidance that helps organisations put identity at the centre of their security strategy.

– How to optimise existing investments to solve complex identity security challenges

– How Identity Security gives your agency unmatched visibility while automating and accelerating control and compliance of all users, entitlements, systems, data, and cloud services.

Purvi Kay, Head of Cyber Policy, Outreach & Business Operations Team, Home Office

Studies often claim the primary reason for the security skills gap is the lack of qualified candidates available to recruit. Is this really true?

This session will cover:

• How can we get a better understanding of the security skills gap and its causes?
• Are we creating an artificial skills/talent gap by putting an excessive focus on technical skills?
• What role does Neurodiversity play in creating and developing a robust talent pipeline of security professionals to tackle today’s security issues?
• What’s been done so far and what can we do to make things better?

Jessica Figueras, Founder, Hither Strategy

Brendan Casey, Solutions Engineer, BeyondTrust

Remote working is now commonplace, while hybrid and multicloud footprints continue to rapidly expand. In this increasingly perimeterless world, Public Sector organizations must embrace zero trust security principles, such as least privilege, continuous authentication and monitoring, segmentation, and microsegmentation to stay secure, while moving digital transformation forward.

Join Brendan Casey, Solutions Engineer, who will share:
• What Is Zero Trust?
• Zero Trust vs. Zero Trust Architecture – Are They Different?
• The Path to Zero Trust

Anulka Clarke, Head of Assurance, ICO

The 2020 pandemic has meant that more and more of us have had to work from home. This is particularly true for government employees, which already had a significant percentage of its workforce operating remotely.

Such growth has led to an increase in potential attack vectors as sensitive information and critical systems move outside of the traditional network setting in order to support user access from multiple locations and devices.

We address key security risks and controls from a data protection perspective; with reference to case studies taken from ICO audits and investigations as well as security breaches reported to the ICO.

Dean di Pasquale, Head of Information Assurance, 6point6

The UK does not have a singular cyber security framework to which companies can certify, which can make it a tricky to navigate and costly to get wrong. Join Dean di Pasquale as he explores real client stories to give a simple breakdown of the necessary classifications, clearances, cyber regulators, certifications and frameworks needed to operate in the Public Sector.

Delegates have the chance to attend one of the Seminar Sessions:

View Seminar Sessions

Jessica Figueras, Founder, Hither Strategy

Daryl Flack, Security Lead, Smart Metering Implementation Programme, Department for Business, Energy and Industrial Strategy (BEIS)

This presentation will discuss the approach taken to designing, building and maintaining the Smart Metering system whilst enabling technology diversity and change in a secure and managed way. It will include how technical, regulatory, governance and assurance requirements are met, and the approaches taken to strike the right balance between security, business needs and broader policy and national security objectives.

•Roles and responsibilities
•Setting a framework for success
•Risk Assessment
•Security Requirements
•Security Architecture
•Trust Modelling
•Securing Communications
•Regulatory Instruments
•Assurance
•Governance
•Building and maintaining a secure ecosystem
•Enabling technology diversity and change securely

Baldeep Dogra, Director, Product Marketing (+Solutions & Vertical Marketing), BlackBerry

After Brexit the UK needs to re-position itself as a beacon for global business and cybersecurity awareness will play a key part in building that attractiveness. The NCSC published their ’10 Steps to Cyber Security’ recommendations recently that would give organisations guidance on how to protect themselves in Cyberspace.

This session will position an AI based approach to Cybersecurity that will support and strengthen the NCSC’s vision while giving perspective on the user and not just endpoints.

Jude McCorry, CEO, Scottish Business Resilience Centre

This talk will be centred on the role played by the Scottish Business Resilience Centre and its approach to working collaboratively and bringing together the Scottish Government, Police, Fire and Rescue, and other primary public service providers.

Jessica Figueras, Founder, Hither Strategy

Deep Singh, Lead Security Engineer, National Records of Scotland

In a world focused on external threats, from professional hackers to foreign intelligence services, what is often forgotten is the individuals and third-party organisations who already have a degree authorised many would-be adversaries could only dream of.

Whether by accident or design, malicious damage carried out by such actors can have a devastating impact on operations, service delivery, reputation and budgets.

We address, how you can minimise the threat posed by internal actors, from programme and project management through to technical services, enterprise audit, analysis and permissions management.

Shelton Newsham, Divisional Information Security Officer, UK Health Security Agency

Networks run by hostile states or organised criminals are being increasingly utilised in order to capture the private and highly sensitive data of senior government security and risk leaders.

The primary mode of attack is through the sending of seemingly innocuous connection requests dressed up as an offer for a lucrative job offer.

We address:

• Caution when connecting with profiles you don’t know
• One click can lead to being linked to malicious profiles
• Impact on your organisation and colleagues
• Threat may escalate to the level of national security

Jessica Figueras, Founder, Hither Strategy

Platform remains open for two weeks